Cyber Security: Protecting the Family Jewels

summary

How A Teenager’s Early Internet Exploits Led to a Career in Cybersecurity

Il contenuto dei post sulle risorse viene visualizzato solo in inglese.

Raymond Hawkins: Welcome again to another edition of Not Your Father’s Data Center. I am your host, Raymond Hawkins, with Compass Data Centers in Dallas 429, Texas. We are recording today on Thursday, September 9, as our world continues to struggle with the global pandemic, and today we are joined by Vice President of Security Research for North America Amit Serper and he is with Guardicore. Amit, how are you today?

Amit Serper: Hi, I’m doing very well. Thanks for having me.

Raymond Hawkins: Well Amit, if you’ll hang on with us, we’re going to do our trivia questions. Unfortunately you are not eligible for the massive prizes for knowing the right answers but we’re going to run through a couple of quick security-related trivia questions. For those who listen to our podcast, we always love hearing from you. You can email us at answers@compassdatacenters.com. It’s Data Centers with an s, answers, or you can email me at rhawkins@compassdatacenters.com. So as always, we give prizes to the first five right answers, $100 Amazon gift cards, we have three questions this week in honor of cybersecurity. Question one, what is the estimated cost of cyber crime globally last year? We got four options, you can say a) a trillion dollars, b) two trillion, c) three trillion, or d) four trillion. Amit I know is dying to answer but he doesn’t get to. Second question, what is the average payment for ransomware attacks? a) $100,000 b) $84,000 c) $150,000 or d) $200,000 and our final security trivia question, what was the average cost of a data breach last year, a) $2.75 million, b) $4.27 million, c) $3.86 million, or d) $3.48 million. All of those are interesting numbers, all of those are expensive.

Raymond Hawkins: Amit, if you are willing, we would love to start out with your very interesting background, especially we’d love to hear about a young man selling security services and internet services out of his bedroom in his teenage years, when most of the rest of us were thinking about how do we make the local sports club or how do we line up a date for the dance, you were running the internet. So start there if you’re willing and tell us –

Amit Serper: Okay, well I wasn’t expecting that one. Yeah. Wow. So yeah. What you just talked about happened when I was 15. You probably could tell that my name is weird. It is because while I do live in the U.S. now, I’m originally Israeli, I am from Israel, I grew up and lived there, 30 years of my life. When I was 15, cable internet had been starting to roll out in Israel and I was actually lucky enough to be on the beta test. So that means that the cable company would come to your house, that was 2001 by the way. The cable company would come to your house, install what was then like the first really, really fast broadband connection based on the cable infrastructure. Until then we were all using either old analog 56K dial-up modem or ADSL. So when they started rolling out the cable internet, I was a beta tester and they had actually installed an uncapped cable connection in my house so I had … What back then was a very, very fast, I think it was a five or a seven megabit symmetric connection.

Raymond Hawkins: Was that a mistake that you got an uncapped line or was that part of the beta test program?

Amit Serper: No, that was part of the beta test. Afterwards the [inaudible 00:03:57] came close to being like fully approved and to be marketed and sold, they actually capped that but I found a way to hack the modem and disable the cap. But that’s a different story.

Raymond Hawkins: That will be our next episode.

Amit Serper: And at that time, I was a wee 15-year-old lad. That’s when I started getting into like doing stuff with computers that aren’t necessarily just gaming on them. So I had three computers in my teenage bedroom that I managed to get like all sorts of parts from friends and their old computers and just like … I had parts laying around and I built three servers, one was running FreeBSD, one was running I think Debian Linux and the third one was running Windows 2000.

Raymond Hawkins: Which began your love affair with the Microsoft operating system I’m assuming.

Amit Serper: Oh yeah. That’s why I started using Windows [inaudible 00:05:00]. I sold web hosting packages that ran on these three computers that were made out of spare parts and were running in my teenage bedroom.

Raymond Hawkins: Unbelievable. All right, there was a cool name for that first web hosting business. You got to tell me the why behind the name.

Amit Serper: So it was Evil Cheese. The domain was evilcheese.net. Unfortunately I don’t own this domain anymore. I didn’t have a name back then and I couldn’t figure out one, so there was a website which I can’t remember which website it was but it was a rock band name generator. So I’m also a musician, so I also play a bunch of instruments in bands, in rock bands, and back at the time, I was a drummer in my first ever band that I played in because I was 15 and we were looking for a name so I went on this website and I started generating random names and one of those names was Evil Cheese. So I just called the domain evilcheese.net and that was the name of the company that I had back then.

Raymond Hawkins: All right. So not a lactose intolerance reference but a rock band name generates the website, so good, got it, okay. Good stuff.

Amit Serper: Yeah. I became lactose intolerant years later.

Raymond Hawkins: Years later, I gotcha.

Amit Serper: So it actually lines up.

Raymond Hawkins: Yeah, it might have been a predictor of things to come, Evil Cheese. Very good. Well awesome. So 15 years old, you’re literally selling web services out of your home, talking about learning the basics of the internet. I love the reference that you hacked the modem. I mean you’re learning at the very basic levels, at the early stages of what goes on in the internet. This is right as the .com explosion is about to happen and all the world is about to start to realize that, “Wait, I could buy things by clicking a button.” So you were at the very beginning stages of that. So you’re literally in high school, running your own web services business. Tell us where it went from there.

Amit Serper: So actually, I had this service running for … I think two or three years, and at one point, and as I said earlier, at a certain point, while I was running the service, I actually started getting … Or my parents rather started getting all sorts of weird phone calls from the cable company, telling them that there’s very high upload usage and if there’s anything that the cable company should know about, and my parents being like … Back then they were in their late fifties or early sixties, they obviously had no idea what was wrong and they just let me talk to the people on the phone. I played dumb and eventually they upgraded the system in a way that my speed hack didn’t work anymore and I had to close shop. So I think Evil Cheese lasted for two or three years, I honestly don’t remember. By the time I had to close my service, I had about 30 customers, 25 customers, something like that, and I basically told all of them starting this date, this service will be unavailable, I’m closing shop, and that’s pretty much how it ended.

Raymond Hawkins: So Amit, before we transition into a little bit more official roles that you took after Evil Cheese, did any of the Evil Cheese band T-shirts survive? Because we would love to be able to raffle one of those off to our listeners if there’s any Evil Cheese memorabilia –

Amit Serper: No. Never had. Never had [inaudible 00:08:36].

Raymond Hawkins: Okay, all right, all right, all right, all right. That would make a heck of a band shirt though.

Amit Serper: Yeah.

Raymond Hawkins: Evil Cheese Tour 2001 or something like that would be great. All right, so you shut down your web hosting business and like most young Israelis, you end up in the military for a short stint. So take us from there.

Amit Serper: Yeah. So in Israel, once you turn 18, basically when you graduate high school, you have to go through three years of mandatory military service if you’re a guy. I think that it’s different for women but I honestly don’t remember. When you are around the age of 17, 17 and 1/2, you have all sorts of various units in the military or other places in the Israeli security apparatus, they’re basically starting to look at the data of the new soldiers to be so to speak. So when you’re 17, you’re being invited to the military for some interviews and some tests to basically assess your intelligence and all sorts of things and according to the data provided by these tests, you are then asked to come to all sorts of interviews for the actual units that you might be serving in for that period of three years.

Amit Serper: So I went to that interview which was very weird, a very weird experience for me, and other than interviews, there’s also some physical tests to see if you’re fit to combat and as you can probably see, I am definitely not combat material. So after a few months, a few months after these interviews, I started getting phone calls from all sorts of military units inviting me for more assessments and interviews and I ended up getting invited into an interview with a unit that was outside of the army, so basically to do my military service at a place that is not the military, but was a part of the Israeli security apparatus. I ended up actually going there, doing my mandatory military service at one of Israel’s intelligence services, and I actually ended up staying there for nine years. So a few years after my mandatory service. So I served there. Obviously I can’t really talk about what I did but you can imagine what it was.

Raymond Hawkins: Yeah Amit, we would rather you not have to kill me or Alex our technician, so let’s leave that part out.

Amit Serper: Not combat material. Wouldn’t be able to kill anyone.

Raymond Hawkins: All right.

Amit Serper: Ended up staying there for nine years. Doing all sorts of security research related products, both offensive security research and defensive. So meaning both finding vulnerabilities and exploiting them and hacking into places and building systems that can defend us from similar things. Basically after nine years there doing various research roles, I decided that chapter of my life is over and I left the government and joined an early stage security startup which I was employee number 14, today there are over 1,000.

Raymond Hawkins: All right. So started in high school on a beta test uncapped line in your bedroom and ended up working for the Israeli defense forces in cybersecurity. That’s quite a journey and then on into the commercial world. So I got a ton of questions, Amit. We can go all over the board here. For those of us who security isn’t our job, we think about, “Hey, I don’t want anyone to have my passcodes. I don’t want anyone to hack my phone.” We think about security in relatively simple terms I think, but we see in the news I think the ones that get the most attention are ransomware attacks or denial of service. Can you talk through a little bit for us, what are the biggest concerns? Why as both a consumer and as a business, what are the biggest concerns? And then why this is continually changing? I think both of those would be fascinating. How should we think about it as a business, how should we think about it as a consumer, and why is it always changing?

Amit Serper: Yeah. So this is actually a really good question, especially when we talk about the subject of ransomware that’s been all over the news pretty much for a few years straight now but the whole thing had gotten way worse now, in like the past year of the pandemic, pretty sure that the two are related by the way. The way that you phrase this question is actually a very good way to look at it because there is the side of the business and there is the side of the consumer, you as you know, as the regular person, and ransomware affects all of us. So if we go back a few years to where ransomware started to become a thing that we hear about, ransomware attacks started by basically blackmailing ordinary people. Like someone would get an email, you would get an email that you would think that is from a reputable source, and you would open the attachment and the attachment would have the malware that will encrypt your machine and will tell you, “Hey, if you want to decrypt all of your data, send us this amount of bitcoin to this address,” and maybe, again no one is promising you that, maybe you will get the decryption key and you would be able to restore all of your data.

Amit Serper: So for the first few years of ransomware, this is what we knew. Like random people all across the world, many times it was elderly people that people who weren’t necessarily knowing their way around computers, they got hit, and I don’t really know if it yielded any profits to the attackers. Because they were just attacking random people and some of those people would pay, some of those people would not. So it’s not like it was like this steady source of income to these attackers.

Amit Serper: Then in 2017, two really big events happened in which I was actually involved in the remediation of one of them. So the first big event was WannaCry. WannaCry was a huge ransomware attack that was conducted allegedly by the Russians, by the Russian state, allegedly according to all of the publications that are available to us. This attack actually used a bunch of exploits and tools that leaked from I think it was the CIA back then, just a few weeks before. So there was some kind of a data leak at the CIA and a bunch of their cyber tools leaked, and the people behind the WannaCry attack basically took these capabilities provided by these exploits and tools and packaged them into WannaCry.

Amit Serper: What WannaCry was, it was a piece of malware that was able to spread around the network, so if for example you’re sitting in your office and there are 200 machines in your office, and you would open that malicious payload that contains the WannaCry ransomware, WannaCry will run it on your machine, encrypt your machine but it will also propagate all around your network and encrypt those machines and so on and so forth. This is what we call a worm. So WannaCry was a huge ransomware worm that ran amok the entire world. It caused a lot of destruction. The British NHS, the National Health Services that they have there, were crippled almost completely by that, so doctors couldn’t use their computers to look at health charts and everybody had to go back to pen and paper. All sorts of companies, universities, schools, municipalities, governments, whatever, all around the world got shot down.

Amit Serper: But until a British researcher named Marcus Hutchins, also nicknamed MalwareTech online, actually reverse engineered the sample of WannaCry and he found that when WannaCry runs, it actually tries to connect to this address on the internet, to this domain name, that at that time was not registered. So Marcus Hutchins actually went and registered that domain name, and what he and basically the entire world discovered the moment that he registered the domain, all of the instances of WannaCry that were now executing were trying to hit that domain to get to it, now after it was registered, they did get to this domain, and that domain was actually a kill switch that was built in the malware, and that caused the malware to basically stop in its track and stop and that helped significantly to remediate that problem that WannaCry caused.

Amit Serper: So about two months after that happened, there was another very, very big ransomware attack called this time NotPetya. NotPetya was actually very interesting because it originally started from a Ukrainian accounting software company, basically a company in Ukraine that makes, an accounting company, sort of like, if I have to compare it to what we know here in the U.S., I would [inaudible 00:18:55] it’s something like Quicken or QuickBooks, basically something that helps you to file your taxes and do all sorts of these things in Ukraine, and the way that it works in Ukraine is that every business, either within Ukraine or outside of it, that conducts business in the country of Ukraine, has to use this program in order to do something with the taxes over there. So the attackers behind NotPetya did what’s called a supply chain attack. They hacked into the company that makes this accounting software, the name of the program is MeDoc, the name of the company is Intellect Systems if I recall correctly. They hacked into that company and basically added their own piece of code in the software that downloads the NotPetya malware and runs it wherever the attacker wants.

Amit Serper: So basically whoever used the MeDoc software also had the NotPetya malware basically waiting to run on command by the attackers. The attackers then executed this attack and this was I think even up to date was the most devastating ransomware attack. So shipping company Maersk completely stopped working. Computers all across Ukraine stopped working including ATMs, people couldn’t get money, couldn’t swipe credit cards, couldn’t go to the ATM, couldn’t go to schools, universities. I think in some cases power plants. It was an absolute disaster. It took Maersk months to recover from that. It affected the worldwide supply chain of goods, meaning actual containers were stuck at ports and trucks could not get into ports because of that, because all the computers were down.

Amit Serper: At that point, while NotPetya started to go wild, I was actually on vacation in Israel visiting my family, and I was sitting in the living room at my parents’ house, watching TV with my dad as they were talking about this cyber attack, and my dad was asking me questions about it because my dad is not that … He’s not an expert in technology let’s say, and he started asking me questions and I said, “You know what? I don’t know,” and he said, “Do you think that this attack could be stopped? Can someone stop it or is it just going to run amok until it basically runs out of computers to infect?” I said, “Honestly, I don’t know, but I have my computer here with all of my tools from work and maybe if I could get my hands on a sample of that malware, maybe I could analyze it.”

Amit Serper: So I actually managed to get a sample of this malware and I was in this chat group with a bunch of other people who were trying to understand what they can do about it, and while they were focusing all of their efforts on the encryption part of the malware, basically trying to find some kind of weakness in the encryption or see if the decryption key is embedded somewhere or if you can do something to decrypt the files, I was actually looking at something simpler than that. I wanted to see if I could find some sort of a kill switch like Marcus Hutchins found just a few months beforehand. Actually within not long, within I would say … Probably half an hour, 45 minutes, I found some logic that the developers of the malware left in the code, that basically says when the malware starts to run, it checks for a certain file on your computer, it checks if it exists. If that file exists, the malware will not run, it will not encrypt the machine and it will just stop working and that’s it.

Amit Serper: The interesting part in what I found was that it was not a kill switch because what Marcus found, what Marcus Hutchins found, once he registered that domain, all of the NotPetya samples out there in the wild just stopped working. With what I found, it was more like … I called it a vaccine, which is funny, we all talk about vaccines now in 2021 but that was 2017, when the only global pandemic we had was a ransomware pandemic. Basically what I found is that if you will manually create that file in a certain way on your machine, if you end up getting infected by NotPetya, if it in some way manages to get into your machine, because it was also a worm, just like WannaCry, where it spreads from machine to machine and encrypts and spreads onwards, very much like COVID if we do the comparison. So if you will create that file in a certain way, you would basically be immune from infection to this piece of ransomware.

Amit Serper: So once I found that, sitting at my parents’ house with my laptop on my knees, I started putting that online and I put it on my Twitter account, and no pun intended it became viral and gave me my 15 minutes of fame. So that was very exciting. So back to our discussion about ransomware, when we look at ransom –

Raymond Hawkins: One more question before we get off of NotPetya. So that stopped future infections. How did you guys fix the machines that had been infected?

Amit Serper: It did not. Once the machines were infected, it was a done deal, and also the point of NotPetya, NotPetya actually, I reverse-engineered its code and many others have as well, and there was actually no code within NotPetya to decrypt whatever was encrypted. So it was a one-way process. The whole point of NotPetya was to cause destruction.

Raymond Hawkins: It was just to destroy. Not to generate revenue.

Amit Serper: Yeah. I mean there was, you did have this your machine is encrypted screen with a bitcoin wallet address, and some people actually paid, thinking they would get the decryption key back, but they didn’t hear back from the attackers obviously because the whole goal of this thing was to create destruction.

Raymond Hawkins: There was no way to unwind it.

Amit Serper: Yeah. Once your machine was infected, that was a done deal. But if you used the trick that I found back there, you would be “immune” from sustaining any damage.

Raymond Hawkins: Fascinating stuff. All right, I stopped you, you were transitioning back to the original question about commerce, commercial interests, business interests and individual, sorry I stopped you.

Amit Serper: Right. So now when we are at this age of ransomware attackers attacking companies and not private people, citizens so to say, it’s a very different ballgame. It’s a completely different ballgame because if my machine was attacked or if your machine was attacked, our data was encrypted. Okay, tough luck. We don’t have access to our documents or to … I don’t know, to our kids’ pictures or whatever, but that would be it pretty much. I mean the fact that my machine is encrypted doesn’t really affect yours. But with the way that ransomware attacks have been going on since then, especially with WannaCry and NotPetya sort of starting this whole trend of attacking large scale companies and such, we are now in a more serious problem where ransomware attacks are not necessarily just to get the ransom to decrypt the files, but they’re also now what’s called a double extortion attack.

Amit Serper: Meaning or a threat actor rather, I don’t like to use the word hacker, but a threat actor would break into your environment and leak a whole bunch of information from your organization and only after that information was leaked they will then encrypt your data and basically now they’re telling you, “If you want to decrypt the data, you need to pay us this amount of money. But also if you don’t want us to leak all of that data out, to put it on the internet for everyone, you have to pay us more money.” So you’re now being extorted twice, hence the name a double extortion attack.

Amit Serper: So now when all of these organizations are being breached, they are holding everyone’s data hostage. So tomorrow, my bank for example could be breached and if you and I are in the same bank, then you and I are both affected by something that we have zero control of. Because this is not us opening emails or double-clicking an attachment we should not. This is someone in the bank security not doing their job correctly, which causes us, the customers, to suffer. So this is the transition that the ransomware market so to say sort of went through, from targeting just regular people to targeting huge organizations and when you look in all of these forums that these threat actors converse in, mostly on what’s called the dark web, you would see that they are doing their prep work. They are looking to buy access into companies that have large revenue and they would look at …

Amit Serper: If someone is able to sell them access to this company, sometimes it could be an inside person that works for the organization and is just wanting to make a quick buck and sell access to the organization or it could be a different group of attackers that their sole job is to gain that foothold and then sell it onwards to people who would put ransomware on it. So the people behind the ransomware attack are actually doing their research on these companies. What is their revenue? Who are their customers? What kind of market they’re in? Are they a bank, are they an insurance company, and so on and so forth, and they will then get into these organizations, encrypt the data, exfiltrate a lot of stuff outside, and they will do that and now we hear about those things literally every week. Sometimes multiple times a week.

Amit Serper: So ransomware is now more of a danger than it was before, merely because there is nothing that we can do about it. We can do nothing about how our bank or insurance company or whatever other organization that has our data and gets attacked, secure their organizations. We have no control over it. So this is why it’s really, really bad.

Raymond Hawkins: So Amit, as I look at what makes the news, I see attacks on … As you’re describing, against really big companies, but I also see attacks, and this is going to sound funny, against small cities. I read a lot about such and such city wrote an $84,000 payment to get their system back. Is the target of these cyber criminals, I’m not sure if that’s even the right term, I know you said you didn’t like using the word hacker, but are they really … I can see why a big financial institution with that data would be a great target because of the huge expense and the huge loss of confidence in that financial institution. But I read stories about little … I mean that’s just the best example I can give. Why would they attack a small city? Is it because they’re easy targets?

Amit Serper: I honestly think … I mean that’s a good question. I can give my take on it. I have no idea if it’s correct or not. This is just my guess, but I would say that a lot of these attackers are coming from countries outside the U.S., Russia or the former Eastern bloc over there in Eastern Europe. I think that there is this notion that if you would ransomware a school district in America, they would pay because America wants their kids to go to school and American school districts have money because this is how America is being perceived outside of it. I know that in my previous work, so now I work at Guardicore, but before that company, I said I joined early, was company called Cybereason and back when I worked there I was doing a lot of incident response engagements with these exact victims. School districts and small towns and so on and they would say, “We have no money to pay these ridiculous ransoms. We can’t afford it.”

Amit Serper: So we did see, and again, I don’t know what the data is now, because it’s not the kind of stuff I work on anymore. But back when I was in Cybereason, we did see a big spike in school districts and towns being attacked and then after they had issues or trouble with getting the funds to pay to the attackers, it sort of like died down and the attackers focused more on entities that actually have revenue. Hospitals, large corporations and so on.

Raymond Hawkins: So I’m going to ask a dumb … I lead sales and marketing, so we’re not the smartest group in the business. So I’m going to ask a dumb sales guy question. I don’t understand, as we see these attackers, aren’t there digital footprints for lack of a better term? Isn’t there a way to figure out who this is? How does that person hide on the other end of the world? Is it just because they’re in a place that we physically can’t get to them? Can you determine who they are or can they legitimately hide? Meaning digitally hide is what I’m asking?

Amit Serper: Yeah. So I think it’s a little bit of both. I mean first of all, if you know what you’re doing, if you really know what you’re doing, if you’re experienced, if you have the right tools and resources, hiding on the internet, especially when doing something like that, is not a difficult thing to do. It’s by no means, I mean again, if someone like the United States or some sort of cyber superpower if you will would want to know who are these people, I assume that in some way or form, they could do it. Be it by cyber means or by other intelligence means. I mean this is what intelligence agencies do. But if we go back for a second, hiding yourself on the internet, again, if you know what you’re doing, if you’re doing it correctly, because it is an art form, it’s not something that’s difficult to do. It’s not something difficult to hide yourself in a way that makes it very, very difficult to find you.

Amit Serper: On top of that, you have these people working in countries that don’t really have a very good relationship with the U.S. right now. For example, Russia. There are tons of videos on the internet of these ransomware criminals driving their fancy cars all across Russia, doing donuts on public roads, and basically not really caring about other peoples or the laws in that country. It’s been known that in Russia for example, it’s been known that usually the authorities won’t really go after you unless you are targeting Russia or Russians. So when these cyber criminals are focusing their efforts on Western countries, and they don’t target Russians, it’s sort of like nobody really sees you. So that is really the problem that we are experiencing, especially with brazen groups such as REvil and these groups that recently breached into the Colonial Pipeline in the U.S. and so on.

Raymond Hawkins: So Amit, I’m going to ask you, we’ve talked a little bit about how you and I as just regular Joe consumers, we can be exposed because we have no control over what our bank does and what they do with our data. If somebody hacks into my laptop, they get my few work papers and they get my kids’ pictures, right? So that’s a small problem. We’ve talked about it from a commercial perspective or even a small government, a school district or something like that. As I think about cyber risks on a larger scale, I live in Texas, this past winter, we had what we call Snowmageddon. Eight days below freezing which is unheard of here, and everything shut down. That was weather-related, but when I think about a cyber crime, isn’t it possible to … You mentioned a pipeline, aren’t there things where you could have large scale …

Raymond Hawkins: I mean I think about in our business, so in the data center 429business, so much of the global internet traffic runs through [inaudible 00:37:12]. Are there vulnerabilities from cyber crime to cripple the internet, cripple digital parts of the economy, cripple parts of our systems that are now wholly dependent on technology, and where I’m going with that Amit, is a totally different kind of warfare, right? Not warfare where we shot at each other, but warfare where we shut down the food supply chain. Warfare where we shut down the ability to travel, planes and trains and things of that nature. Can you talk to me about that large scale risk in the cyber crime world?

Amit Serper: Yeah, absolutely. If you would have asked me that question even five, six years ago, I would have said, “We’re not there, it’s FUD, fear, uncertainty and doubt. It’s something that’s being blown out of proportion or being propelled in the news just to cause stress.” But we have actually been living this reality that you have just talked about. This is the reality in the past few years. So you mentioned electricity. A few years ago, I think it was 2015 or ’14, Russia breached Ukraine’s power grid and shut it down, in the dead of winter, and people were at home in Ukraine in temperatures that are similar to what you described and I am from Massachusetts right outside of Boston, so here in New England, it’s just called winter. Power plants in Ukraine were shut down through cybernetic means, and there are videos. If you go on YouTube, you’ll be able to find the videos that the controllers inside the control room took with their phones of the mouse cursor moving by itself and going and shutting switches one by one. You could see that. That happened.

Amit Serper: Anton Cherepanov from ESET and a few other people from American company Dragos I think, they have had a whole research about that. They did the incident response, the incident response to that particular incident and they have revealed a lot of the details [inaudible 00:39:39] a few years ago, excuse me. There is a book by Andy Greenberg, a really good journalist from WIRED, that’s called Sandworm that actually talks about NotPetya. I was actually interviewed to that book, I discussed whatever it is I just talked to you about in NotPetya, and in that book they do go into very great details about what happened by that … SandWorm is the name of the threat actor, the Russian threat actor that did all of that. So they’re actually going into the details of this attack on Ukraine’s power grid. If you’re talking about messing with the internet or everything that has to do with our digital life so to speak, that happened also, also by Russia. I think that was either in … I think it was in Estonia in 2008, but I’m not sure. So Estonia is a very digital country. A lot of the things there are being done through the web. You can even vote, cast your ballot for the election, online. You don’t even need to leave your house. They’re a very, very digital nation. If one can use such terms.

Amit Serper: In one of their skirmishes, I’m almost sure it was Estonia and Russia, it was either Georgia or Estonia or both. But that happened there as well. The internet infrastructure in that country was brought to its knees, all of the government website and infrastructure was basically shut down, again by attackers. So we are living this reality right now. In Iran, what was it? A month or two ago, all of the trains stopped working and people at the train station, when they were looking at the signs, the signs that if you have any issues with the train please call this phone number. That phone number was actually the phone number of Khamenei, who is the ruler of Iran, the supreme ruler of Iran. That number was put there by the attacker. That was sort of like the number in his office. So we have been living this reality for a few years now. Some of us know it more, some of us know it less. But this is life now.

Raymond Hawkins: Well Amit, thank you for catching us up on the world of cyber crime. Can you give us just a minute as we wind down here, can you tell us a little bit about what Guardicore does and what you do there as your role of VP of security research that … We’d be interested in hearing where you guys fit in this saving us all from cyber criminal world.

Amit Serper: Yeah, definitely. So Guardicore actually does something really cool and refreshing, which is actually one of the main reasons why I decided to join Guardicore back in January of this year. So Guardicore is in the micro-segmentation world, which is actually sort of like the new take or hopefully what will replace the legacy network security equipment that we know as firewalls. So firewalls in most cases are just like a box that sits in your network and has everything connected to it and this box basically tells network packets whether to go on to their destination or just drop dead in their place. Our product is actually a software-based solution, it’s an agent that you deploy on all of your machines in your organization, and you can create all sorts of policies that allow traffic to go through or not. You can actually set policies to the application level and not to an IP address level as you would do in a legacy firewall.

Amit Serper: So no more boxes, no more cables that have to be routed through this box and then through the rest of the network. It also gives you amazing visibility to see what’s running on your machine, what piece of software talks to which server, in case of a ransomware attack for example. This is a great case, in case of a ransomware attack when computers are starting to get encrypted one by one, within the click of a button you can basically shut everything down, disconnect all of your network or compartmentalize parts of your network and basically manage the risk and mitigate it very, very, very quickly. And at Guardicore, I work at part of the organization that’s called Guardicore Labs. I work with an amazing, amazing team of brilliant security researchers and basically what we do is in our team is we hack into stuff, we find security vulnerabilities, we do the most cutting edge security research and we write a report about it and we publish it for free in order to raise awareness and help other companies know about risks that they have.

Amit Serper: For example, a brilliant researcher that I’m proud to be working with on my team, Ophir Harpaz, she’s Israeli as you can tell by the name. She and another Israeli researcher called [inaudible 00:44:58], they both found a critical vulnerability in Microsoft Azure, in the engine that runs Azure which actually allowed an attacker to crash an entire cluster of Microsoft Azure’s servers with one packet. They have disclosed it to Microsoft a couple of months ago and actually spoke about it in Black Hat in Vegas last month. So this is the stuff we do and we’re very, very excited about it.

Raymond Hawkins: Very cool stuff. Very, very cool. So if I could just put it in sales guy terms, it sounds like you guys allow the network, I think you called it micro-segmentation. “Hey, we’ve located some nasty thing inside our network, some malware piece and we can disconnect and almost draw a cyber fence around it and keep it from proliferating and then address the problem inside that micro-segmentation.”

Amit Serper: Yes, but you can also do that proactively. For example if you have an organization with many divisions, you could say, “Okay, so the people in marketing can only talk to themselves and their servers and their resources and the people from, I don’t know, sales, can’t reach that part of the network.” So if someone from sales gets ransomware, then the ransomware can’t propagate from the sales person’s machine to the marketing person’s machine. This is just a very basic analogy, but yes.

Raymond Hawkins: Right, you talked about the shipping company. If you are able to catch it in one department, you might still be able to deliver containers while you’re still sorting out some other part of the business, I got it.

Amit Serper: Exactly.

Raymond Hawkins: Very, very cool.

Amit Serper: I highly recommend the book Sandworm by Andy Greenberg because it really tells the story in an amazing way and it helps to understand these risks.

Raymond Hawkins: Excellent. Sandworm by Andy Greenberg. We always love book recommendations. Amit, we appreciate you and your team being on the front-lines of that and thank you for joining us on Not Your Father’s Data Center. It’s been great having you. We really, really appreciate it.

Amit Serper: Thank you so much for having me.

Raymond Hawkins: Amit, thank you.